<?
    require_once("config.php");
    
    if ($_POST) {
        if ($_POST['action'] == "forgot_go") {
            $query = DBM::FetchRow("SELECT * FROM guests WHERE email LIKE '$_POST[email]';");
            Functions::PrintHeader("Password Reset");
            
	    if (is_array($query)) {
                $update = array("reset_hash" => md5(microtime(true)));
	        DBM::Query(QueryTools::CreateQuery($update,"guests","update",$query['id']));
            
                MailManager::SendResetPassword($_POST['email'],$query['id']);
		
                SuccessMessage::Show("Password Reset Request","An E-Mail has been sent to the address you specified.  Please follow the instructions on the E-Mail to finish the reset.");
	    }
            
            Functions::PrintFooter();
        }
        else {
            if ($_POST['newpassword1'] && ($_POST['newpassword1'] == $_POST['newpassword2'])) {
                if (DatabaseManager::CountRows("SELECT * FROM guests WHERE email LIKE '" . SessionManager::Get('username') . "' AND password=MD5('$_POST[currentpassword]');") > 0) {
                    DatabaseManager::Query("UPDATE guests SET password=MD5('$_POST[newpassword1]') WHERE id=" . AuthManager::GetUserID() . ";");
                    header("Location: changepassword.php?error=3");
                }
                else {
                    header("Location: changepassword.php?error=2");
                }
            }
            else {
                header("Location: changepassword.php?error=1");
            }
        }
    }
    else if ($_GET['action'] == 'forgot') {
        Functions::PrintHeader("Forgot Password");
        
        WarningMessage::Show("RCS Accounts Note","If you use your RCS account to log in, you will not be able to use this form to change your password.");
        ?>
        <script type='text/javascript'>
            Event.observe(window,'load',function() {
                $("num3").value = ($("num1").value * 1) + ($("num2").value * 1);
            });
        </script>
        <form method="POST" action="changepassword.php">
            <input type='hidden' name='action' value='forgot_go' />
            <input type='hidden' name='num1' id='num1' value='<?=rand(0,100)?>' />
            <input type='hidden' name='num2' id='num2' value='<?=rand(0,100)?>' />
            <input type='hidden' name='num3' id='num3' />
            
            <table class='cgltable' align='center'>
            <thead>
                <tr>
                    <th colspan='2'>Forgot Your Password</th>
                </tr>
                </thead>
                <tr>
                    <td>E-Mail</td>
                    <td><input type='text' name='email' /></td>
                </tr>
                <tfoot>
                <tr>
                    <td colspan='2'>
                        <input type='submit' value='Reset Password' />
                    </td>
                </tr>
                </tfoot>
            </table>
        </form>
        <?php
        Functions::PrintFooter();
    }
    else {
        Functions::PrintHeader("Change Password");
        
        $errobj = null;
        switch ($_GET['error']) {
            case 1: $errobj = new Error("ERROR","New passwords didn't match.  Please try again."); break;
            case 2: $errobj = new Error("ERROR","Current password was wrong.  Please try again."); break;
            case 3: $errobj = new Error("Change Successful","Your password has been successfully change.  Click <a href='index.php'>here</a> to return to the main page.","success"); break;
                
        }
        if ($errobj != null) $errobj->Show();
        
        ?>
        <form method="POST" action="changepassword.php">
            <table class='cgltable' align='center'>
            <thead>
                <tr>
                    <th colspan='2'>Change Password</th>
                </tr>
            </thead>
                <tr>
                    <td class='label'>Current Password:</td>
                    <td><input type='password' name='currentpassword' /></td>
                </tr>
                <tr>
                    <td class='label'>New Password:</td>
                    <td><input type='password' name='newpassword1' /></td>
                </tr>
                <tr>
                    <td class='label'>New Password Again:</td>
                    <td><input type='password' name='newpassword2' /></td>
                </tr>
                <tfoot>
                <tr>
                    <td colspan='2'>
                        <input type='reset' value='Start Over' />
                        <input type='submit' value='Change Password' />
                    </td>
                </tr>
                </tfoot>
            </table>
        </form>
        <?
        Functions::PrintFooter();
    }
?>
